mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-19 19:50:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove the external BoringSSL test

Browse Source 
Fixes #14424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14682)
This commit is contained in:
Tomas Mraz 2021-03-25 12:46:29 +01:00
parent 6b2e51dd36
commit cede07dc51
19 changed files with 60 additions and 2864 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@ -8,7 +8,6 @@ fuzz/corpora/** export-ignore
Configurations/*.norelease.conf export-ignore
.* export-ignore
util/mktar.sh export-ignore
boringssl export-ignore
krb5 export-ignore
pyca-cryptography export-ignore
dev export-ignore

2
.github/workflows/ci.yml vendored
View File

@ -200,7 +200,5 @@ jobs:
run: make test TESTS="test_external_gost_engine"
- name: test external krb5
run: make test TESTS="test_external_krb5"
# - name: test external boringssl
# run: BORING_RUNNER_DIR=$(pwd)/boringssl/ssl/test/runner make test TESTS="test_external_boringssl"
# - name: test external pyca
# run: make test TESTS="test_external_pyca"

4
.gitmodules vendored
View File

@ -1,7 +1,3 @@
[submodule "boringssl"]
path = boringssl
url = https://boringssl.googlesource.com/boringssl
[submodule "pyca.cryptography"]
path = pyca-cryptography
url = https://github.com/pyca/cryptography.git

2
INSTALL.md
View File

@ -692,7 +692,7 @@ Enable building of integration with external test suites.
This is a developer option and may not work on all platforms. The following
external test suites are currently supported:
- BoringSSL test suite
- GOST engine test suite
- Python PYCA/Cryptography test suite
- krb5 test suite

1
boringssl

@ -1 +0,0 @@
Subproject commit 2070f8ad9151dc8f3a73bffaa146b5e6937a583f

63
test/README-external.md
View File

@ -5,69 +5,6 @@ It is possible to integrate external test suites into OpenSSL's `make test`.
This capability is considered a developer option and does not work on all
platforms.
The BoringSSL test suite
========================
In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
source code into an appropriate directory. This can be done in two ways:
1) Separately from the OpenSSL checkout using:
$ git clone https://boringssl.googlesource.com/boringssl boringssl
The BoringSSL tests are only confirmed to work at a specific commit in the
BoringSSL repository. Later commits may or may not pass the test suite:
$ cd boringssl
$ git checkout 490469f850e
2) Using the already configured submodule settings in OpenSSL:
$ git submodule update --init
Configure the OpenSSL source code to enable the external tests:
$ cd ../openssl
$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
enable-external-tests
Note that using other config options than those given above may cause the tests
to fail.
Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
`BORING_RUNNER_DIR` environment variable:
$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
Note that the test suite may change directory while running so the path provided
should be absolute and not relative to the current working directory.
To see more detailed output you can run just the BoringSSL tests with the
verbose option:
$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
TESTS="test_external_boringssl" test
Test failures and suppressions
------------------------------
A large number of the BoringSSL tests are known to fail. A test could fail
because of many possible reasons. For example:
- A bug in OpenSSL
- Different interpretations of standards
- Assumptions about the way BoringSSL works that do not apply to OpenSSL
- The test uses APIs added to BoringSSL that are not present in OpenSSL
- etc
In order to provide a "clean" baseline run with all the tests passing a config
file has been provided that suppresses the running of tests that are known to
fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
within the OpenSSL source code.
The community is encouraged to contribute patches which reduce the number of
suppressions that are currently present.
Python PYCA/Cryptography test suite
===================================

2
test/build.info
View File

@ -1,5 +1,3 @@
SUBDIRS=ossl_shim
# TODO: use ../apps/libapps.a instead of direct ../apps/lib source.
# This can't currently be done, because some of its units drag in too many
# unresolved references that don't apply here.

245
test/data2.bin
View File

@ -1,188 +1,61 @@
TEST DATA2
Running external test suites with OpenSSL
=========================================
It is possible to integrate external test suites into OpenSSL's "make test".
This capability is considered a developer option and does not work on all
platforms.
The BoringSSL test suite
========================
In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
source code into an appropriate directory. This can be done in two ways:
1) Separately from the OpenSSL checkout using:
$ git clone https://boringssl.googlesource.com/boringssl boringssl
The BoringSSL tests are only confirmed to work at a specific commit in the
BoringSSL repository. Later commits may or may not pass the test suite:
$ cd boringssl
$ git checkout 490469f850e
2) Using the already configured submodule settings in OpenSSL:
$ git submodule update --init
Configure the OpenSSL source code to enable the external tests:
$ cd ../openssl
$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
enable-external-tests
Note that using other config options than those given above may cause the tests
to fail.
Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
BORING_RUNNER_DIR environment variable:
$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
Note that the test suite may change directory while running so the path provided
should be absolute and not relative to the current working directory.
To see more detailed output you can run just the BoringSSL tests with the
verbose option:
$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
TESTS="test_external_boringssl" test
Test failures and suppressions
------------------------------
A large number of the BoringSSL tests are known to fail. A test could fail
because of many possible reasons. For example:
- A bug in OpenSSL
- Different interpretations of standards
- Assumptions about the way BoringSSL works that do not apply to OpenSSL
- The test uses APIs added to BoringSSL that are not present in OpenSSL
- etc
In order to provide a "clean" baseline run with all the tests passing a config
file has been provided that suppresses the running of tests that are known to
fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
within the OpenSSL source code.
The community is encouraged to contribute patches which reduce the number of
suppressions that are currently present.
Python PYCA/Cryptography test suite
===================================
This python test suite runs cryptographic tests with a local OpenSSL build as
the implementation.
First checkout the PYCA/Cryptography module into ./pyca-cryptography using:
$ git submodule update --init
Then configure/build OpenSSL compatible with the python module:
$ ./config shared enable-external-tests
$ make
The tests will run in a python virtual environment which requires virtualenv
to be installed.
$ make test VERBOSE=1 TESTS=test_external_pyca
Test failures and suppressions
------------------------------
Some tests target older (<=1.0.2) versions so will not run. Other tests target
other crypto implementations so are not relevant. Currently no tests fail.
krb5 test suite
===============
Much like the PYCA/Cryptography test suite, this builds and runs the krb5
tests against the local OpenSSL build.
You will need a git checkout of krb5 at the top level:
$ git clone https://github.com/krb5/krb5
krb5's master has to pass this same CI, but a known-good version is
krb5-1.15.1-final if you want to be sure.
$ cd krb5
$ git checkout krb5-1.15.1-final
$ cd ..
OpenSSL must be built with external tests enabled:
$ ./config enable-external-tests
$ make
krb5's tests will then be run as part of the rest of the suite, or can be
explicitly run (with more debugging):
$ VERBOSE=1 make TESTS=test_external_krb5 test
Test-failures suppressions
--------------------------
krb5 will automatically adapt its test suite to account for the configuration
of your system. Certain tests may require more installed packages to run. No
tests are expected to fail.
GOST engine test suite
===============
Much like the PYCA/Cryptography test suite, this builds and runs the GOST engine
tests against the local OpenSSL build.
You will need a git checkout of gost-engine at the top level:
$ git submodule update --init
Then configure/build OpenSSL enabling external tests:
$ ./config shared enable-external-tests
$ make
GOST engine requires CMake for the build process.
GOST engine tests will then be run as part of the rest of the suite, or can be
explicitly run (with more debugging):
$ make test VERBOSE=1 TESTS=test_external_gost_engine
Updating test suites
====================
To update the commit for any of the above test suites:
- Make sure the submodules are cloned locally:
$ git submodule update --init --recursive
- Enter subdirectory and pull from the repository (use a specific branch/tag if required):
$ cd <submodule-dir>
$ git pull origin master
- Go to root directory, there should be a new git status:
$ cd ../
$ git status
...
# modified: <submodule-dir> (new commits)
...
- Add/commit/push the update
git add <submodule-dir>
git commit -m "Updated <submodule> to latest commit"
git push
This is just some data that is meant to be different from the contents
of the data.bin file.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Hendrerit dolor magna
eget est. Integer enim neque volutpat ac tincidunt vitae. Erat imperdiet
sed euismod nisi porta. Sit amet volutpat consequat mauris nunc.
Fermentum leo vel orci porta non. Purus viverra accumsan in nisl.
Volutpat maecenas volutpat blandit aliquam etiam erat velit scelerisque.
Gravida in fermentum et sollicitudin ac orci phasellus. Ut eu sem integer
vitae justo eget. Enim tortor at auctor urna nunc id. Laoreet non
curabitur gravida arcu ac tortor dignissim convallis aenean. A lacus
vestibulum sed arcu non odio euismod lacinia. In metus vulputate eu
scelerisque felis imperdiet proin fermentum. Semper quis lectus nulla at
volutpat diam ut venenatis tellus. Hac habitasse platea dictumst quisque.
Augue ut lectus arcu bibendum at varius vel pharetra. Nisl nunc mi ipsum
faucibus vitae aliquet. Nec sagittis aliquam malesuada bibendum arcu
vitae. Tellus id interdum velit laoreet id donec ultrices.
Eget gravida cum sociis natoque. Nunc vel risus commodo viverra maecenas
accumsan. Enim lobortis scelerisque fermentum dui faucibus. Quis eleifend
quam adipiscing vitae. Nec nam aliquam sem et tortor. Pharetra massa
massa ultricies mi quis hendrerit. Tellus in metus vulputate eu
scelerisque. Et ultrices neque ornare aenean euismod elementum. Tellus
mauris a diam maecenas sed enim ut sem viverra. Fermentum leo vel orci
porta non pulvinar neque. Risus nullam eget felis eget nunc. Sed tempus
urna et pharetra pharetra massa massa ultricies. Dui sapien eget mi
proin. Vitae elementum curabitur vitae nunc sed velit dignissim sodales.
Sed arcu non odio euismod lacinia at. Enim praesent elementum facilisis
leo vel fringilla. Vel facilisis volutpat est velit egestas dui id ornare
arcu. Arcu dictum varius duis at. Pretium lectus quam id leo in vitae.
Egestas fringilla phasellus faucibus scelerisque eleifend donec. Ut
ornare lectus sit amet est placerat in egestas. Viverra ipsum nunc
aliquet bibendum enim facilisis gravida neque. Commodo ullamcorper a
lacus vestibulum. Urna molestie at elementum eu. Mi in nulla posuere
sollicitudin aliquam ultrices sagittis orci a. Orci sagittis eu volutpat
odio facilisis mauris sit. Volutpat ac tincidunt vitae semper quis.
Adipiscing elit duis tristique sollicitudin nibh. Dignissim enim sit amet
venenatis urna cursus. Lacus luctus accumsan tortor posuere ac ut. Eu
feugiat pretium nibh ipsum consequat nisl. Arcu risus quis varius quam
quisque id diam. Urna nec tincidunt praesent semper feugiat nibh sed. Sed
libero enim sed faucibus turpis in eu mi.
Suspendisse faucibus interdum posuere lorem ipsum dolor sit amet. Aliquet
eget sit amet tellus cras adipiscing enim. Lectus proin nibh nisl
condimentum id. Et odio pellentesque diam volutpat commodo sed egestas
egestas. Tempor id eu nisl nunc mi ipsum. Egestas erat imperdiet sed
euismod nisi porta lorem mollis aliquam. Pretium quam vulputate dignissim
suspendisse in est. Volutpat commodo sed egestas egestas fringilla. In
aliquam sem fringilla ut. Viverra accumsan in nisl nisi. Nam at lectus
urna duis convallis convallis. Tortor posuere ac ut consequat semper.
Pellentesque habitant morbi tristique senectus et netus et malesuada.
Aliquet enim tortor at auctor urna nunc id cursus metus. Sit amet luctus
venenatis lectus magna. A diam maecenas sed enim ut sem viverra aliquet.
Pellentesque sit amet porttitor eget dolor morbi. Eget lorem dolor sed
viverra ipsum nunc aliquet bibendum enim. Iaculis urna id volutpat lacus
laoreet non curabitur. Mattis vulputate enim nulla aliquet porttitor
lacus luctus accumsan tortor.

183
test/ossl_shim/async_bio.cc
View File

@ -1,183 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "async_bio.h"
#include <errno.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
namespace {
struct AsyncBio {
bool datagram;
bool enforce_write_quota;
size_t read_quota;
size_t write_quota;
};
AsyncBio *GetData(BIO *bio) {
return (AsyncBio *)BIO_get_data(bio);
}
static int AsyncWrite(BIO *bio, const char *in, int inl) {
AsyncBio *a = GetData(bio);
if (a == NULL || BIO_next(bio) == NULL) {
return 0;
}
if (!a->enforce_write_quota) {
return BIO_write(BIO_next(bio), in, inl);
}
BIO_clear_retry_flags(bio);
if (a->write_quota == 0) {
BIO_set_retry_write(bio);
errno = EAGAIN;
return -1;
}
if (!a->datagram && (size_t)inl > a->write_quota) {
inl = a->write_quota;
}
int ret = BIO_write(BIO_next(bio), in, inl);
if (ret <= 0) {
BIO_copy_next_retry(bio);
} else {
a->write_quota -= (a->datagram ? 1 : ret);
}
return ret;
}
static int AsyncRead(BIO *bio, char *out, int outl) {
AsyncBio *a = GetData(bio);
if (a == NULL || BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
if (a->read_quota == 0) {
BIO_set_retry_read(bio);
errno = EAGAIN;
return -1;
}
if (!a->datagram && (size_t)outl > a->read_quota) {
outl = a->read_quota;
}
int ret = BIO_read(BIO_next(bio), out, outl);
if (ret <= 0) {
BIO_copy_next_retry(bio);
} else {
a->read_quota -= (a->datagram ? 1 : ret);
}
return ret;
}
static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) {
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
BIO_copy_next_retry(bio);
return ret;
}
static int AsyncNew(BIO *bio) {
AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a));
if (a == NULL) {
return 0;
}
memset(a, 0, sizeof(*a));
a->enforce_write_quota = true;
BIO_set_init(bio, 1);
BIO_set_data(bio, a);
return 1;
}
static int AsyncFree(BIO *bio) {
if (bio == NULL) {
return 0;
}
OPENSSL_free(BIO_get_data(bio));
BIO_set_data(bio, NULL);
BIO_set_init(bio, 0);
return 1;
}
static long AsyncCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
{
if (BIO_next(bio) == NULL)
return 0;
return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
}
static BIO_METHOD *g_async_bio_method = NULL;
static const BIO_METHOD *AsyncMethod(void)
{
if (g_async_bio_method == NULL) {
g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio");
if ( g_async_bio_method == NULL
|| !BIO_meth_set_write(g_async_bio_method, AsyncWrite)
|| !BIO_meth_set_read(g_async_bio_method, AsyncRead)
|| !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl)
|| !BIO_meth_set_create(g_async_bio_method, AsyncNew)
|| !BIO_meth_set_destroy(g_async_bio_method, AsyncFree)
|| !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl))
return NULL;
}
return g_async_bio_method;
}
} // namespace
bssl::UniquePtr<BIO> AsyncBioCreate() {
return bssl::UniquePtr<BIO>(BIO_new(AsyncMethod()));
}
bssl::UniquePtr<BIO> AsyncBioCreateDatagram() {
bssl::UniquePtr<BIO> ret(BIO_new(AsyncMethod()));
if (!ret) {
return nullptr;
}
GetData(ret.get())->datagram = true;
return ret;
}
void AsyncBioAllowRead(BIO *bio, size_t count) {
AsyncBio *a = GetData(bio);
if (a == NULL) {
return;
}
a->read_quota += count;
}
void AsyncBioAllowWrite(BIO *bio, size_t count) {
AsyncBio *a = GetData(bio);
if (a == NULL) {
return;
}
a->write_quota += count;
}
void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) {
AsyncBio *a = GetData(bio);
if (a == NULL) {
return;
}
a->enforce_write_quota = enforce;
}

39
test/ossl_shim/async_bio.h
View File

@ -1,39 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_ASYNC_BIO_H
#define OSSL_TEST_SHIM_ASYNC_BIO_H
#include <openssl/base.h>
#include <openssl/bio.h>
// AsyncBioCreate creates a filter BIO for testing asynchronous state
// machines which consume a stream socket. Reads and writes will fail
// and return EAGAIN unless explicitly allowed. Each async BIO has a
// read quota and a write quota. Initially both are zero. As each is
// incremented, bytes are allowed to flow through the BIO.
bssl::UniquePtr<BIO> AsyncBioCreate();
// AsyncBioCreateDatagram creates a filter BIO for testing for
// asynchronous state machines which consume datagram sockets. The read
// and write quota count in packets rather than bytes.
bssl::UniquePtr<BIO> AsyncBioCreateDatagram();
// AsyncBioAllowRead increments |bio|'s read quota by |count|.
void AsyncBioAllowRead(BIO *bio, size_t count);
// AsyncBioAllowWrite increments |bio|'s write quota by |count|.
void AsyncBioAllowWrite(BIO *bio, size_t count);
// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota.
void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce);
#endif // OSSL_TEST_SHIM_ASYNC_BIO_H

6
test/ossl_shim/build.info
View File

@ -1,6 +0,0 @@
IF[{- defined $target{CXX} && !$disabled{"external-tests"} -}]
PROGRAMS{noinst}=ossl_shim
SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc
INCLUDE[ossl_shim]=. include ../../include
DEPEND[ossl_shim]=../../libssl ../../libcrypto
ENDIF

114
test/ossl_shim/include/openssl/base.h
View File

@ -1,114 +0,0 @@
/*
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
#define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
/* Needed for DH functions */
#include "internal/deprecated.h"
/* Needed for BORINGSSL_MAKE_DELETER */
# include <openssl/bio.h>
# include <openssl/evp.h>
# include <openssl/dh.h>
# include <openssl/x509.h>
# include <openssl/ssl.h>
# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
extern "C++" {
#include <memory>
namespace bssl {
namespace internal {
template <typename T>
struct DeleterImpl {};
template <typename T>
struct Deleter {
void operator()(T *ptr) {
// Rather than specialize Deleter for each type, we specialize
// DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
// including base.h as long as the destructor is not emitted. This matches
// std::unique_ptr's behavior on forward-declared types.
//
// DeleterImpl itself is specialized in the corresponding module's header
// and must be included to release an object. If not included, the compiler
// will error that DeleterImpl<T> does not have a method Free.
DeleterImpl<T>::Free(ptr);
}
};
template <typename T, typename CleanupRet, void (*init)(T *),
CleanupRet (*cleanup)(T *)>
class StackAllocated {
public:
StackAllocated() { init(&ctx_); }
~StackAllocated() { cleanup(&ctx_); }
StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
T *get() { return &ctx_; }
const T *get() const { return &ctx_; }
void Reset() {
cleanup(&ctx_);
init(&ctx_);
}
private:
T ctx_;
};
} // namespace internal
#define BORINGSSL_MAKE_DELETER(type, deleter) \
namespace internal { \
template <> \
struct DeleterImpl<type> { \
static void Free(type *ptr) { deleter(ptr); } \
}; \
}
// This makes a unique_ptr to STACK_OF(type) that owns all elements on the
// stack, i.e. it uses sk_pop_free() to clean up.
#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \
namespace internal { \
template <> \
struct DeleterImpl<STACK_OF(type)> { \
static void Free(STACK_OF(type) *ptr) { \
sk_##type##_pop_free(ptr, deleter); \
} \
}; \
}
// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
// bssl::UniquePtr<BIO> rsa(RSA_new());
// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
template <typename T>
using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>;
BORINGSSL_MAKE_DELETER(BIO, BIO_free)
BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
BORINGSSL_MAKE_DELETER(DH, DH_free)
BORINGSSL_MAKE_DELETER(X509, X509_free)
BORINGSSL_MAKE_DELETER(SSL, SSL_free)
BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
} // namespace bssl
} /* extern C++ */
#endif /* OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H */

301
test/ossl_shim/ossl_config.json
View File

@ -1,301 +0,0 @@
{
"DisabledTests" : {
"*TLS13*":"No TLS1.3 support yet",
"FragmentAlert-DTLS":"Test failure - reason unknown",
"FragmentedClientVersion":"Test failure - reason unknown",
"MTU":"Test failure - reason unknown",
"EmptyCertificateList":"Test failure - reason unknown",
"AppDataBeforeHandshake-DTLS":"Test failure - reason unknown",
"AlertAfterChangeCipherSpec":"Test failure - reason unknown",
"AppDataAfterChangeCipherSpec":"Test failure - reason unknown",
"AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown",
"AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
"AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown",
"AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
"FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown",
"SplitFragments-Header-DTLS":"Test failure - reason unknown",
"SplitFragments-Boundary-DTLS":"Test failure - reason unknown",
"SplitFragments-Body-DTLS":"Test failure - reason unknown",
"SendEmptyFragments-DTLS":"Test failure - reason unknown",
"SendInvalidRecordType-DTLS":"Test failure - reason unknown",
"SendInvalidRecordType":"Test failure - reason unknown",
"FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown",
"SendWarningAlerts-Pass":"Test failure - reason unknown",
"SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown",
"TooManyKeyUpdates":"Test failure - reason unknown",
"Unclean-Shutdown-Alert":"Test failure - reason unknown",
"V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown",
"BadHelloRequest-2":"Test failure - reason unknown",
"DTLS-SendExtraFinished":"Test failure - reason unknown",
"NoNullCompression-TLS12":"Test failure - reason unknown",
"KeyUpdate-Client":"Test failure - reason unknown",
"KeyUpdate-InvalidRequestMode":"Test failure - reason unknown",
"DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown",
"LargeMessage-Reject-DTLS":"Test failure - reason unknown",
"KeyUpdate-Server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
"DTLS1-NULL-SHA-server":"Test failure - reason unknown",
"DTLS1-NULL-SHA-client":"Test failure - reason unknown",
"DTLS12-NULL-SHA-client":"Test failure - reason unknown",
"DTLS12-NULL-SHA-server":"Test failure - reason unknown",
"BadECDSA-1-4":"Test failure - reason unknown",
"BadECDSA-3-4":"Test failure - reason unknown",
"BadECDSA-4-1":"Test failure - reason unknown",
"BadECDSA-4-4":"Test failure - reason unknown",
"BadECDSA-4-3":"Test failure - reason unknown",
"SillyDH":"Test failure - reason unknown",
"VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown",
"NoSupportedVersions-DTLS":"Test failure - reason unknown",
"VersionTooLow-DTLS":"Test failure - reason unknown",
"IgnoreClientVersionOrder":"Test failure - reason unknown",
"VersionTooLow":"Test failure - reason unknown",
"MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown",
"MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown",
"DuplicateExtensionClient-TLS1":"Test failure - reason unknown",
"DuplicateExtensionServer-TLS1":"Test failure - reason unknown",
"ALPNClient-Mismatch-TLS1":"Test failure - reason unknown",
"UnsolicitedServerNameAck-TLS1":"Test failure - reason unknown",
"ALPNServer-Decline-TLS1":"Test failure - reason unknown",
"ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown",
"NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown",
"NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown",
"TicketSessionIDLength-33-TLS1":"Test failure - reason unknown",
"DuplicateExtensionClient-TLS11":"Test failure - reason unknown",
"DuplicateExtensionServer-TLS11":"Test failure - reason unknown",
"UnsolicitedServerNameAck-TLS11":"Test failure - reason unknown",
"ALPNServer-Decline-TLS11":"Test failure - reason unknown",
"ALPNClient-Mismatch-TLS11":"Test failure - reason unknown",
"ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown",
"NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown",
"NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown",
"TicketSessionIDLength-33-TLS11":"Test failure - reason unknown",
"DuplicateExtensionServer-TLS12":"Test failure - reason unknown",
"DuplicateExtensionClient-TLS12":"Test failure - reason unknown",
"UnsolicitedServerNameAck-TLS12":"Test failure - reason unknown",
"ALPNServer-Decline-TLS12":"Test failure - reason unknown",
"ALPNClient-Mismatch-TLS12":"Test failure - reason unknown",
"ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown",
"NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown",
"NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown",
"TicketSessionIDLength-33-TLS12":"Test failure - reason unknown",
"ClientHelloPadding":"Test failure - reason unknown",
"Resume-Server-UnofferedCipher":"Test failure - reason unknown",
"Resume-Client-CipherMismatch":"Test failure - reason unknown",
"Resume-Server-ExtraIdentityNoBinder":"Test failure - reason unknown",
"Resume-Server-BinderWrongLength":"Test failure - reason unknown",
"Resume-Server-ExtraPSKBinder":"Test failure - reason unknown",
"Resume-Server-NoPSKBinder":"Test failure - reason unknown",
"Resume-Server-PSKBinderFirstExtension":"Test failure - reason unknown",
"Resume-Server-InvalidPSKBinder":"Test failure - reason unknown",
"ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown",
"Renegotiate-Server-Forbidden":"Test failure - reason unknown",
"ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown",
"Renegotiate-Client-SwitchVersion":"Test failure - reason unknown",
"Renegotiate-Client-Upgrade":"Test failure - reason unknown",
"Renegotiate-SameClientVersion":"Test failure - reason unknown",
"Renegotiate-Client-Downgrade":"Test failure - reason unknown",
"Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown",
"Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown",
"Renegotiate-Client-Forbidden-1":"Test failure - reason unknown",
"StrayHelloRequest":"Test failure - reason unknown",
"Renegotiate-Client-Freely-2":"Test failure - reason unknown",
"Renegotiate-Client-NoIgnore":"Test failure - reason unknown",
"StrayHelloRequest-Packed":"Test failure - reason unknown",
"Renegotiate-Client-Freely-1":"Test failure - reason unknown",
"Renegotiation-CertificateChange":"Test failure - reason unknown",
"Renegotiation-CertificateChange-2":"Test failure - reason unknown",
"Renegotiate-Client-SSL3":"Test failure - reason unknown",
"ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown",
"ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown",
"P224-Server":"Test failure - reason unknown",
"RSA-PSS-Large":"Test failure - reason unknown",
"DTLS-Retransmit-Client-1":"Test failure - reason unknown",
"DTLS-Retransmit-Client-2":"Test failure - reason unknown",
"DTLS-Retransmit-Server-1":"Test failure - reason unknown",
"DTLS-Retransmit-Server-2":"Test failure - reason unknown",
"DTLS-Retransmit-Client-3":"Test failure - reason unknown",
"DTLS-Retransmit-Server-3":"Test failure - reason unknown",
"DTLS-Retransmit-Client-4":"Test failure - reason unknown",
"Renegotiate-Client-Packed":"Test failure - reason unknown",
"DTLS-Retransmit-Server-4":"Test failure - reason unknown",
"DTLS-Retransmit-Client-5":"Test failure - reason unknown",
"DTLS-Retransmit-Server-6":"Test failure - reason unknown",
"DTLS-Retransmit-Client-6":"Test failure - reason unknown",
"DTLS-Retransmit-Server-5":"Test failure - reason unknown",
"DTLS-Retransmit-Client-7":"Test failure - reason unknown",
"DTLS-Retransmit-Server-7":"Test failure - reason unknown",
"DTLS-Retransmit-Client-8":"Test failure - reason unknown",
"DTLS-Retransmit-Client-9":"Test failure - reason unknown",
"DTLS-Retransmit-Server-8":"Test failure - reason unknown",
"DTLS-Retransmit-Server-9":"Test failure - reason unknown",
"DTLS-Retransmit-Client-10":"Test failure - reason unknown",
"DTLS-Retransmit-Client-11":"Test failure - reason unknown",
"DTLS-Retransmit-Server-10":"Test failure - reason unknown",
"DTLS-Retransmit-Server-11":"Test failure - reason unknown",
"CustomExtensions-ParseError-Server":"Test failure - reason unknown",
"CustomExtensions-FailAdd-Server":"Test failure - reason unknown",
"CustomExtensions-FailAdd-Client":"Test failure - reason unknown",
"CustomExtensions-ParseError-Client":"Test failure - reason unknown",
"UnknownExtension-Client":"Test failure - reason unknown",
"UnofferedExtension-Client":"Test failure - reason unknown",
"PointFormat-Client-MissingUncompressed":"Test failure - reason unknown",
"PointFormat-Server-MissingUncompressed":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync":"Test failure - reason unknown",
"Renegotiate-Client-Sync":"Test failure - reason unknown",
"Shutdown-Shim-Sync":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async":"Test failure - reason unknown",
"Shutdown-Shim-Async":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown",
"Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"SendUnencryptedFinished-DTLS":"Test failure - reason unknown",
"PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown",
"StrayChangeCipherSpec":"Test failure - reason unknown",
"PartialClientFinishedWithClientHello":"Test failure - reason unknown",
"TrailingMessageData-ClientHello":"Test failure - reason unknown",
"TrailingMessageData-ServerHello":"Test failure - reason unknown",
"TrailingMessageData-ServerCertificate":"Test failure - reason unknown",
"TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown",
"TrailingMessageData-CertificateRequest":"Test failure - reason unknown",
"TrailingMessageData-ServerHelloDone":"Test failure - reason unknown",
"TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown",
"TrailingMessageData-ClientCertificate":"Test failure - reason unknown",
"TrailingMessageData-CertificateVerify":"Test failure - reason unknown",
"TrailingMessageData-NextProtocol":"Test failure - reason unknown",
"TrailingMessageData-NewSessionTicket":"Test failure - reason unknown",
"TrailingMessageData-ClientFinished":"Test failure - reason unknown",
"TrailingMessageData-ServerFinished":"Test failure - reason unknown",
"TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown",
"TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown",
"TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown",
"TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown",
"MissingKeyShare-Client":"Test failure - reason unknown",
"MissingKeyShare-Server":"Test failure - reason unknown",
"DuplicateKeyShares":"Test failure - reason unknown",
"SkipEarlyData":"Test failure - reason unknown",
"SkipEarlyData-OmitEarlyDataExtension":"Test failure - reason unknown",
"SkipEarlyData-TooMuchData":"Test failure - reason unknown",
"SkipEarlyData-Interleaved":"Test failure - reason unknown",
"SkipEarlyData-HRR":"Test failure - reason unknown",
"SkipEarlyData-HRR-Interleaved":"Test failure - reason unknown",
"SkipEarlyData-HRR-TooMuchData":"Test failure - reason unknown",
"SkipEarlyData-HRR-FatalAlert":"Test failure - reason unknown",
"SkipEarlyData-EarlyDataInTLS12":"Test failure - reason unknown",
"SkipEarlyData-SecondClientHelloEarlyData":"Test failure - reason unknown",
"EmptyEncryptedExtensions":"Test failure - reason unknown",
"EncryptedExtensionsWithKeyShare":"Test failure - reason unknown",
"UnknownCurve-HelloRetryRequest":"Test failure - reason unknown",
"UnnecessaryHelloRetryRequest":"Test failure - reason unknown",
"HelloRetryRequest-Empty":"Test failure - reason unknown",
"SecondHelloRetryRequest":"Test failure - reason unknown",
"HelloRetryRequest-DuplicateCurve":"Test failure - reason unknown",
"HelloRetryRequest-DuplicateCookie":"Test failure - reason unknown",
"HelloRetryRequest-EmptyCookie":"Test failure - reason unknown",
"HelloRetryRequest-Unknown":"Test failure - reason unknown",
"SecondClientHelloMissingKeyShare":"Test failure - reason unknown",
"SecondClientHelloWrongCurve":"Test failure - reason unknown",
"HelloRetryRequestVersionMismatch":"Test failure - reason unknown",
"HelloRetryRequestCurveMismatch":"Test failure - reason unknown",
"SkipHelloRetryRequest":"Test failure - reason unknown",
"Peek-Renegotiate":"Test failure - reason unknown",
"Peek-KeyUpdate":"Test failure - reason unknown",
"DTLS-Retransmit-Client-12":"Test failure - reason unknown",
"DTLS-Retransmit-Timeout":"Test failure - reason unknown",
"DTLS-Retransmit-Server-12":"Test failure - reason unknown",
"DTLS-Retransmit-Fudge":"Test failure - reason unknown",
"DTLS-Retransmit-Fragmented":"Test failure - reason unknown",
"TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown",
"SendFallbackSCSV":"Current runner version uses old draft TLSv1.3",
"VersionNegotiationExtension-TLS11":"Current runner version uses old draft TLSv1.3",
"VersionNegotiationExtension-TLS1":"Current runner version uses old draft TLSv1.3",
"VersionNegotiationExtension-SSL3":"Current runner version uses old draft TLSv1.3",
"ConflictingVersionNegotiation":"Current runner version uses old draft TLSv1.3"
},
"ErrorMap" : {
":UNEXPECTED_MESSAGE:":"unexpected message",
":INAPPROPRIATE_FALLBACK:":"inappropriate fallback",
":UNEXPECTED_RECORD:":"unexpected message",
":TLSV1_ALERT_RECORD_OVERFLOW:":"tlsv1 alert record overflow",
":WRONG_SSL_VERSION:":"no protocols available",
":BAD_ALERT:":"invalid alert",
":HTTP_REQUEST:":"http request",
":HTTPS_PROXY_REQUEST:":"https proxy request",
":WRONG_CERTIFICATE_TYPE:":"wrong certificate type",
":WRONG_VERSION_NUMBER:":"wrong version number",
":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:":"decryption failed or bad record mac",
":DIGEST_CHECK_FAILED:":"digest check failed",
":TOO_MANY_EMPTY_FRAGMENTS:":"record too small",
":TOO_MANY_WARNING_ALERTS:":"too many warn alerts",
":DATA_LENGTH_TOO_LONG:":"data length too long",
":EXCESSIVE_MESSAGE_SIZE:":"excessive message size",
":ENCRYPTED_LENGTH_TOO_LONG:":"packet length too long",
":INVALID_COMPRESSION_LIST:":"no compression specified",
":NO_SHARED_CIPHER:":"no shared cipher",
":WRONG_CIPHER_RETURNED:":"wrong cipher returned",
":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"sslv3 alert handshake failure",
":UNKNOWN_CIPHER_RETURNED:":"unknown cipher returned",
":BAD_SIGNATURE:":"bad signature",
":BAD_DH_P_LENGTH:":"dh key too small",
":PEER_DID_NOT_RETURN_A_CERTIFICATE:":"peer did not return a certificate",
":UNSUPPORTED_PROTOCOL:":"unsupported protocol",
":PARSE_TLSEXT:":"bad extension",
":BAD_SRTP_PROTECTION_PROFILE_LIST:":"bad srtp protection profile list",
":OLD_SESSION_VERSION_NOT_RETURNED:":"ssl session version mismatch",
":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:":"inconsistent extms",
":RENEGOTIATION_EMS_MISMATCH:":"inconsistent extms",
":RENEGOTIATION_MISMATCH:":"renegotiation mismatch",
":WRONG_SIGNATURE_TYPE:":"wrong signature type",
":BAD_ECC_CERT:":"wrong curve",
":WRONG_CURVE:":"wrong curve",
":INVALID_ENCODING:":"invalid encoding",
":CERTIFICATE_VERIFY_FAILED:":"certificate verify failed",
":BAD_CHANGE_CIPHER_SPEC:":"bad change cipher spec",
":ECC_CERT_NOT_FOR_SIGNING:":"ecc cert not for signing",
":OLD_SESSION_CIPHER_NOT_RETURNED:":"old session cipher not returned",
":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:":"inconsistent extms"
}
}

1312
test/ossl_shim/ossl_shim.cc
View File

File diff suppressed because it is too large Load Diff

299
test/ossl_shim/packeted_bio.cc
View File

@ -1,299 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "packeted_bio.h"
#include <assert.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
namespace {
const uint8_t kOpcodePacket = 'P';
const uint8_t kOpcodeTimeout = 'T';
const uint8_t kOpcodeTimeoutAck = 't';
struct PacketedBio {
explicit PacketedBio(bool advance_clock_arg)
: advance_clock(advance_clock_arg) {
memset(&timeout, 0, sizeof(timeout));
memset(&clock, 0, sizeof(clock));
memset(&read_deadline, 0, sizeof(read_deadline));
}
bool HasTimeout() const {
return timeout.tv_sec != 0 || timeout.tv_usec != 0;
}
bool CanRead() const {
if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) {
return true;
}
if (clock.tv_sec == read_deadline.tv_sec) {
return clock.tv_usec < read_deadline.tv_usec;
}
return clock.tv_sec < read_deadline.tv_sec;
}
timeval timeout;
timeval clock;
timeval read_deadline;
bool advance_clock;
};
PacketedBio *GetData(BIO *bio) {
return (PacketedBio *)BIO_get_data(bio);
}
const PacketedBio *GetData(const BIO *bio) {
return GetData(const_cast<BIO*>(bio));
}
// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and
// 0 or -1 on error.
static int ReadAll(BIO *bio, uint8_t *out, size_t len) {
while (len > 0) {
int chunk_len = INT_MAX;
if (len <= INT_MAX) {
chunk_len = (int)len;
}
int ret = BIO_read(bio, out, chunk_len);
if (ret <= 0) {
return ret;
}
out += ret;
len -= ret;
}
return 1;
}
static int PacketedWrite(BIO *bio, const char *in, int inl) {
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
// Write the header.
uint8_t header[5];
header[0] = kOpcodePacket;
header[1] = (inl >> 24) & 0xff;
header[2] = (inl >> 16) & 0xff;
header[3] = (inl >> 8) & 0xff;
header[4] = inl & 0xff;
int ret = BIO_write(BIO_next(bio), header, sizeof(header));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
// Write the buffer.
ret = BIO_write(BIO_next(bio), in, inl);
if (ret < 0 || (inl > 0 && ret == 0)) {
BIO_copy_next_retry(bio);
return ret;
}
assert(ret == inl);
return ret;
}
static int PacketedRead(BIO *bio, char *out, int outl) {
PacketedBio *data = GetData(bio);
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
for (;;) {
// Check if the read deadline has passed.
if (!data->CanRead()) {
BIO_set_retry_read(bio);
return -1;
}
// Read the opcode.
uint8_t opcode;
int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
if (opcode == kOpcodeTimeout) {
// The caller is required to advance any pending timeouts before
// continuing.
if (data->HasTimeout()) {
fprintf(stderr, "Unprocessed timeout!\n");
return -1;
}
// Process the timeout.
uint8_t buf[8];
ret = ReadAll(BIO_next(bio), buf, sizeof(buf));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
uint64_t timeout = (static_cast<uint64_t>(buf[0]) << 56) |
(static_cast<uint64_t>(buf[1]) << 48) |
(static_cast<uint64_t>(buf[2]) << 40) |
(static_cast<uint64_t>(buf[3]) << 32) |
(static_cast<uint64_t>(buf[4]) << 24) |
(static_cast<uint64_t>(buf[5]) << 16) |
(static_cast<uint64_t>(buf[6]) << 8) |
static_cast<uint64_t>(buf[7]);
timeout /= 1000; // Convert nanoseconds to microseconds.
data->timeout.tv_usec = timeout % 1000000;
data->timeout.tv_sec = timeout / 1000000;
// Send an ACK to the peer.
ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1);
if (ret <= 0) {
return ret;
}
assert(ret == 1);
if (!data->advance_clock) {
// Signal to the caller to retry the read, after advancing the clock.
BIO_set_retry_read(bio);
return -1;
}
PacketedBioAdvanceClock(bio);
continue;
}
if (opcode != kOpcodePacket) {
fprintf(stderr, "Unknown opcode, %u\n", opcode);
return -1;
}
// Read the length prefix.
uint8_t len_bytes[4];
ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) |
(len_bytes[2] << 8) | len_bytes[3];
uint8_t *buf = (uint8_t *)OPENSSL_malloc(len);
if (buf == NULL) {
return -1;
}
ret = ReadAll(BIO_next(bio), buf, len);
if (ret <= 0) {
fprintf(stderr, "Packeted BIO was truncated\n");
return -1;
}
if (outl > (int)len) {
outl = len;
}
memcpy(out, buf, outl);
OPENSSL_free(buf);
return outl;
}
}
static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {
if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) {
memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
return 1;
}
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
BIO_copy_next_retry(bio);
return ret;
}
static int PacketedNew(BIO *bio) {
BIO_set_init(bio, 1);
return 1;
}
static int PacketedFree(BIO *bio) {
if (bio == NULL) {
return 0;
}
delete GetData(bio);
BIO_set_init(bio, 0);
return 1;
}
static long PacketedCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
{
if (BIO_next(bio) == NULL)
return 0;
return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
}
static BIO_METHOD *g_packeted_bio_method = NULL;
static const BIO_METHOD *PacketedMethod(void)
{
if (g_packeted_bio_method == NULL) {
g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio");
if ( g_packeted_bio_method == NULL
|| !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite)
|| !BIO_meth_set_read(g_packeted_bio_method, PacketedRead)
|| !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl)
|| !BIO_meth_set_create(g_packeted_bio_method, PacketedNew)
|| !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree)
|| !BIO_meth_set_callback_ctrl(g_packeted_bio_method,
PacketedCallbackCtrl))
return NULL;
}
return g_packeted_bio_method;
}
} // namespace
bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock) {
bssl::UniquePtr<BIO> bio(BIO_new(PacketedMethod()));
if (!bio) {
return nullptr;
}
BIO_set_data(bio.get(), new PacketedBio(advance_clock));
return bio;
}
timeval PacketedBioGetClock(const BIO *bio) {
return GetData(bio)->clock;
}
bool PacketedBioAdvanceClock(BIO *bio) {
PacketedBio *data = GetData(bio);
if (data == nullptr) {
return false;
}
if (!data->HasTimeout()) {
return false;
}
data->clock.tv_usec += data->timeout.tv_usec;
data->clock.tv_sec += data->clock.tv_usec / 1000000;
data->clock.tv_usec %= 1000000;
data->clock.tv_sec += data->timeout.tv_sec;
memset(&data->timeout, 0, sizeof(data->timeout));
return true;
}

35
test/ossl_shim/packeted_bio.h
View File

@ -1,35 +0,0 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_PACKETED_BIO_H
#define OSSL_TEST_SHIM_PACKETED_BIO_H
#include <openssl/base.h>
#include <openssl/bio.h>
// PacketedBioCreate creates a filter BIO which implements a reliable in-order
// blocking datagram socket. It internally maintains a clock and honors
// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it.
//
// During a |BIO_read|, the peer may signal the filter BIO to simulate a
// timeout. If |advance_clock| is true, it automatically advances the clock and
// continues reading, subject to the read deadline. Otherwise, it fails
// immediately. The caller must then call |PacketedBioAdvanceClock| before
// retrying |BIO_read|.
bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock);
// PacketedBioGetClock returns the current time for |bio|.
timeval PacketedBioGetClock(const BIO *bio);
// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if
// there is a pending timeout. Otherwise, it returns false.
bool PacketedBioAdvanceClock(BIO *bio);
#endif // OSSL_TEST_SHIM_PACKETED_BIO_H

195
test/ossl_shim/test_config.cc
View File

@ -1,195 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "test_config.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory>
#include <openssl/evp.h>
namespace {
template <typename T>
struct Flag {
const char *flag;
T TestConfig::*member;
};
// FindField looks for the flag in |flags| that matches |flag|. If one is found,
// it returns a pointer to the corresponding field in |config|. Otherwise, it
// returns NULL.
template<typename T, size_t N>
T *FindField(TestConfig *config, const Flag<T> (&flags)[N], const char *flag) {
for (size_t i = 0; i < N; i++) {
if (strcmp(flag, flags[i].flag) == 0) {
return &(config->*(flags[i].member));
}
}
return NULL;
}
const Flag<bool> kBoolFlags[] = {
{ "-server", &TestConfig::is_server },
{ "-dtls", &TestConfig::is_dtls },
{ "-fallback-scsv", &TestConfig::fallback_scsv },
{ "-require-any-client-certificate",
&TestConfig::require_any_client_certificate },
{ "-async", &TestConfig::async },
{ "-write-different-record-sizes",
&TestConfig::write_different_record_sizes },
{ "-partial-write", &TestConfig::partial_write },
{ "-no-tls13", &TestConfig::no_tls13 },
{ "-no-tls12", &TestConfig::no_tls12 },
{ "-no-tls11", &TestConfig::no_tls11 },
{ "-no-tls1", &TestConfig::no_tls1 },
{ "-no-ssl3", &TestConfig::no_ssl3 },
{ "-shim-writes-first", &TestConfig::shim_writes_first },
{ "-expect-session-miss", &TestConfig::expect_session_miss },
{ "-decline-alpn", &TestConfig::decline_alpn },
{ "-expect-extended-master-secret",
&TestConfig::expect_extended_master_secret },
{ "-implicit-handshake", &TestConfig::implicit_handshake },
{ "-handshake-never-done", &TestConfig::handshake_never_done },
{ "-use-export-context", &TestConfig::use_export_context },
{ "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },
{ "-expect-no-session", &TestConfig::expect_no_session },
{ "-use-ticket-callback", &TestConfig::use_ticket_callback },
{ "-renew-ticket", &TestConfig::renew_ticket },
{ "-enable-client-custom-extension",
&TestConfig::enable_client_custom_extension },
{ "-enable-server-custom-extension",
&TestConfig::enable_server_custom_extension },
{ "-custom-extension-skip", &TestConfig::custom_extension_skip },
{ "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add },
{ "-check-close-notify", &TestConfig::check_close_notify },
{ "-shim-shuts-down", &TestConfig::shim_shuts_down },
{ "-verify-fail", &TestConfig::verify_fail },
{ "-verify-peer", &TestConfig::verify_peer },
{ "-expect-verify-result", &TestConfig::expect_verify_result },
{ "-renegotiate-freely", &TestConfig::renegotiate_freely },
{ "-p384-only", &TestConfig::p384_only },
{ "-enable-all-curves", &TestConfig::enable_all_curves },
{ "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
{ "-use-old-client-cert-callback",
&TestConfig::use_old_client_cert_callback },
{ "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
{ "-peek-then-read", &TestConfig::peek_then_read },
};
const Flag<std::string> kStringFlags[] = {
{ "-key-file", &TestConfig::key_file },
{ "-cert-file", &TestConfig::cert_file },
{ "-expect-server-name", &TestConfig::expected_server_name },
{ "-advertise-npn", &TestConfig::advertise_npn },
{ "-expect-next-proto", &TestConfig::expected_next_proto },
{ "-select-next-proto", &TestConfig::select_next_proto },
{ "-host-name", &TestConfig::host_name },
{ "-advertise-alpn", &TestConfig::advertise_alpn },
{ "-expect-alpn", &TestConfig::expected_alpn },
{ "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn },
{ "-select-alpn", &TestConfig::select_alpn },
{ "-psk", &TestConfig::psk },
{ "-psk-identity", &TestConfig::psk_identity },
{ "-srtp-profiles", &TestConfig::srtp_profiles },
{ "-cipher", &TestConfig::cipher },
{ "-export-label", &TestConfig::export_label },
{ "-export-context", &TestConfig::export_context },
};
const Flag<std::string> kBase64Flags[] = {
{ "-expect-certificate-types", &TestConfig::expected_certificate_types },
};
const Flag<int> kIntFlags[] = {
{ "-port", &TestConfig::port },
{ "-resume-count", &TestConfig::resume_count },
{ "-min-version", &TestConfig::min_version },
{ "-max-version", &TestConfig::max_version },
{ "-mtu", &TestConfig::mtu },
{ "-export-keying-material", &TestConfig::export_keying_material },
{ "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
{ "-max-cert-list", &TestConfig::max_cert_list },
};
} // namespace
bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
for (int i = 0; i < argc; i++) {
bool *bool_field = FindField(out_config, kBoolFlags, argv[i]);
if (bool_field != NULL) {
*bool_field = true;
continue;
}
std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
if (string_field != NULL) {
const char *val;
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
/*
* Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable
* the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches
* off NULL ciphers, so we use "ALL:NULL-SHA" instead.
*/
if (strcmp(argv[i - 1], "-cipher") == 0
&& strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)
val = "ALL:NULL-SHA";
else
val = argv[i];
string_field->assign(val);
continue;
}
std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]);
if (base64_field != NULL) {
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
std::unique_ptr<uint8_t[]> decoded(new uint8_t[strlen(argv[i])]);
int len = EVP_DecodeBlock(decoded.get(),
reinterpret_cast<const uint8_t *>(argv[i]),
strlen(argv[i]));
if (len < 0) {
fprintf(stderr, "Invalid base64: %s\n", argv[i]);
return false;
}
base64_field->assign(reinterpret_cast<const char *>(decoded.get()), len);
continue;
}
int *int_field = FindField(out_config, kIntFlags, argv[i]);
if (int_field) {
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
*int_field = atoi(argv[i]);
continue;
}
fprintf(stderr, "Unknown argument: %s\n", argv[i]);
exit(89);
return false;
}
return true;
}

90
test/ossl_shim/test_config.h
View File

@ -1,90 +0,0 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_TEST_CONFIG_H
#define OSSL_TEST_SHIM_TEST_CONFIG_H
#include <string>
#include <vector>
#include <openssl/configuration.h>
struct TestConfig {
int port = 0;
bool is_server = false;
bool is_dtls = false;
int resume_count = 0;
bool fallback_scsv = false;
std::string key_file;
std::string cert_file;
std::string expected_server_name;
std::string expected_certificate_types;
bool require_any_client_certificate = false;
std::string advertise_npn;
std::string expected_next_proto;
std::string select_next_proto;
bool async = false;
bool write_different_record_sizes = false;
bool partial_write = false;
bool no_tls13 = false;
bool no_tls12 = false;
bool no_tls11 = false;
bool no_tls1 = false;
bool no_ssl3 = false;
bool shim_writes_first = false;
std::string host_name;
std::string advertise_alpn;
std::string expected_alpn;
std::string expected_advertised_alpn;
std::string select_alpn;
bool decline_alpn = false;
bool expect_session_miss = false;
bool expect_extended_master_secret = false;
std::string psk;
std::string psk_identity;
std::string srtp_profiles;
int min_version = 0;
int max_version = 0;
int mtu = 0;
bool implicit_handshake = false;
std::string cipher;
bool handshake_never_done = false;
int export_keying_material = 0;
std::string export_label;
std::string export_context;
bool use_export_context = false;
bool expect_ticket_renewal = false;
bool expect_no_session = false;
bool use_ticket_callback = false;
bool renew_ticket = false;
bool enable_client_custom_extension = false;
bool enable_server_custom_extension = false;
bool custom_extension_skip = false;
bool custom_extension_fail_add = false;
bool check_close_notify = false;
bool shim_shuts_down = false;
bool verify_fail = false;
bool verify_peer = false;
bool expect_verify_result = false;
int expect_total_renegotiations = 0;
bool renegotiate_freely = false;
bool p384_only = false;
bool enable_all_curves = false;
bool use_sparse_dh_prime = false;
bool use_old_client_cert_callback = false;
bool use_null_client_ca_list = false;
bool peek_then_read = false;
int max_cert_list = 0;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);
#endif // OSSL_TEST_SHIM_TEST_CONFIG_H

30
test/recipes/95-test_external_boringssl.t
View File

@ -1,30 +0,0 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test;
use OpenSSL::Test::Utils;
use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file cmdstr/;
setup("test_external_boringssl");
plan skip_all => "No external tests in this configuration"
if disabled("external-tests");
plan skip_all => "BoringSSL runner not detected"
if !$ENV{BORING_RUNNER_DIR};
plan tests => 1;
indir $ENV{BORING_RUNNER_DIR} => sub {
ok(run(cmd(["go", "test", "-shim-path",
bldtop_file("test", "ossl_shim", "ossl_shim"),
"-shim-config",
srctop_file("test", "ossl_shim", "ossl_config.json"),
"-pipe", "-allow-unimplemented"]), prefix => "go test: "),
"running BoringSSL tests");
}, create => 0, cleanup => 0;